hxxps://pabaxitutidose[.]weebly[.]com/uploads/1/4/2/7/142777778/dekilelanajubab[.]pdf

Analysis

max time kernel
37s
max time network
41s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 14:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://pabaxitutidose.weebly.com/uploads/1/4/2/7/142777778/dekilelanajubab.pdf

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133603420589161204"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
956	chrome.exe
956	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	956	chrome.exe
Token: SeCreatePagefilePrivilege	956	chrome.exe
Token: SeShutdownPrivilege	956	chrome.exe
Token: SeCreatePagefilePrivilege	956	chrome.exe
Token: SeShutdownPrivilege	956	chrome.exe
Token: SeCreatePagefilePrivilege	956	chrome.exe
Token: SeShutdownPrivilege	956	chrome.exe
Token: SeCreatePagefilePrivilege	956	chrome.exe
Token: SeShutdownPrivilege	956	chrome.exe
Token: SeCreatePagefilePrivilege	956	chrome.exe
Token: SeShutdownPrivilege	956	chrome.exe
Token: SeCreatePagefilePrivilege	956	chrome.exe
Token: SeShutdownPrivilege	956	chrome.exe
Token: SeCreatePagefilePrivilege	956	chrome.exe
Token: SeShutdownPrivilege	956	chrome.exe
Token: SeCreatePagefilePrivilege	956	chrome.exe
Token: SeShutdownPrivilege	956	chrome.exe
Token: SeCreatePagefilePrivilege	956	chrome.exe
Token: SeShutdownPrivilege	956	chrome.exe
Token: SeCreatePagefilePrivilege	956	chrome.exe
Token: SeShutdownPrivilege	956	chrome.exe
Token: SeCreatePagefilePrivilege	956	chrome.exe
Token: SeShutdownPrivilege	956	chrome.exe
Token: SeCreatePagefilePrivilege	956	chrome.exe
Token: SeShutdownPrivilege	956	chrome.exe
Token: SeCreatePagefilePrivilege	956	chrome.exe
Token: SeShutdownPrivilege	956	chrome.exe
Token: SeCreatePagefilePrivilege	956	chrome.exe
Token: SeShutdownPrivilege	956	chrome.exe
Token: SeCreatePagefilePrivilege	956	chrome.exe
Token: SeShutdownPrivilege	956	chrome.exe
Token: SeCreatePagefilePrivilege	956	chrome.exe
Token: SeShutdownPrivilege	956	chrome.exe
Token: SeCreatePagefilePrivilege	956	chrome.exe
Token: SeShutdownPrivilege	956	chrome.exe
Token: SeCreatePagefilePrivilege	956	chrome.exe
Token: SeShutdownPrivilege	956	chrome.exe
Token: SeCreatePagefilePrivilege	956	chrome.exe
Token: SeShutdownPrivilege	956	chrome.exe
Token: SeCreatePagefilePrivilege	956	chrome.exe
Token: SeShutdownPrivilege	956	chrome.exe
Token: SeCreatePagefilePrivilege	956	chrome.exe
Token: SeShutdownPrivilege	956	chrome.exe
Token: SeCreatePagefilePrivilege	956	chrome.exe
Token: SeShutdownPrivilege	956	chrome.exe
Token: SeCreatePagefilePrivilege	956	chrome.exe
Token: SeShutdownPrivilege	956	chrome.exe
Token: SeCreatePagefilePrivilege	956	chrome.exe
Token: SeShutdownPrivilege	956	chrome.exe
Token: SeCreatePagefilePrivilege	956	chrome.exe
Token: SeShutdownPrivilege	956	chrome.exe
Token: SeCreatePagefilePrivilege	956	chrome.exe
Token: SeShutdownPrivilege	956	chrome.exe
Token: SeCreatePagefilePrivilege	956	chrome.exe
Token: SeShutdownPrivilege	956	chrome.exe
Token: SeCreatePagefilePrivilege	956	chrome.exe
Token: SeShutdownPrivilege	956	chrome.exe
Token: SeCreatePagefilePrivilege	956	chrome.exe
Token: SeShutdownPrivilege	956	chrome.exe
Token: SeCreatePagefilePrivilege	956	chrome.exe
Token: SeShutdownPrivilege	956	chrome.exe
Token: SeCreatePagefilePrivilege	956	chrome.exe
Token: SeShutdownPrivilege	956	chrome.exe
Token: SeCreatePagefilePrivilege	956	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe
956	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 956 wrote to memory of 828	956	chrome.exe	91
PID 956 wrote to memory of 828	956	chrome.exe	91
PID 956 wrote to memory of 464	956	chrome.exe	94
PID 956 wrote to memory of 464	956	chrome.exe	94
PID 956 wrote to memory of 464	956	chrome.exe	94
PID 956 wrote to memory of 464	956	chrome.exe	94
PID 956 wrote to memory of 464	956	chrome.exe	94
PID 956 wrote to memory of 464	956	chrome.exe	94
PID 956 wrote to memory of 464	956	chrome.exe	94
PID 956 wrote to memory of 464	956	chrome.exe	94
PID 956 wrote to memory of 464	956	chrome.exe	94
PID 956 wrote to memory of 464	956	chrome.exe	94
PID 956 wrote to memory of 464	956	chrome.exe	94
PID 956 wrote to memory of 464	956	chrome.exe	94
PID 956 wrote to memory of 464	956	chrome.exe	94
PID 956 wrote to memory of 464	956	chrome.exe	94
PID 956 wrote to memory of 464	956	chrome.exe	94
PID 956 wrote to memory of 464	956	chrome.exe	94
PID 956 wrote to memory of 464	956	chrome.exe	94
PID 956 wrote to memory of 464	956	chrome.exe	94
PID 956 wrote to memory of 464	956	chrome.exe	94
PID 956 wrote to memory of 464	956	chrome.exe	94
PID 956 wrote to memory of 464	956	chrome.exe	94
PID 956 wrote to memory of 464	956	chrome.exe	94
PID 956 wrote to memory of 464	956	chrome.exe	94
PID 956 wrote to memory of 464	956	chrome.exe	94
PID 956 wrote to memory of 464	956	chrome.exe	94
PID 956 wrote to memory of 464	956	chrome.exe	94
PID 956 wrote to memory of 464	956	chrome.exe	94
PID 956 wrote to memory of 464	956	chrome.exe	94
PID 956 wrote to memory of 464	956	chrome.exe	94
PID 956 wrote to memory of 464	956	chrome.exe	94
PID 956 wrote to memory of 464	956	chrome.exe	94
PID 956 wrote to memory of 464	956	chrome.exe	94
PID 956 wrote to memory of 464	956	chrome.exe	94
PID 956 wrote to memory of 464	956	chrome.exe	94
PID 956 wrote to memory of 464	956	chrome.exe	94
PID 956 wrote to memory of 464	956	chrome.exe	94
PID 956 wrote to memory of 464	956	chrome.exe	94
PID 956 wrote to memory of 464	956	chrome.exe	94
PID 956 wrote to memory of 3524	956	chrome.exe	95
PID 956 wrote to memory of 3524	956	chrome.exe	95
PID 956 wrote to memory of 4276	956	chrome.exe	96
PID 956 wrote to memory of 4276	956	chrome.exe	96
PID 956 wrote to memory of 4276	956	chrome.exe	96
PID 956 wrote to memory of 4276	956	chrome.exe	96
PID 956 wrote to memory of 4276	956	chrome.exe	96
PID 956 wrote to memory of 4276	956	chrome.exe	96
PID 956 wrote to memory of 4276	956	chrome.exe	96
PID 956 wrote to memory of 4276	956	chrome.exe	96
PID 956 wrote to memory of 4276	956	chrome.exe	96
PID 956 wrote to memory of 4276	956	chrome.exe	96
PID 956 wrote to memory of 4276	956	chrome.exe	96
PID 956 wrote to memory of 4276	956	chrome.exe	96
PID 956 wrote to memory of 4276	956	chrome.exe	96
PID 956 wrote to memory of 4276	956	chrome.exe	96
PID 956 wrote to memory of 4276	956	chrome.exe	96
PID 956 wrote to memory of 4276	956	chrome.exe	96
PID 956 wrote to memory of 4276	956	chrome.exe	96
PID 956 wrote to memory of 4276	956	chrome.exe	96
PID 956 wrote to memory of 4276	956	chrome.exe	96
PID 956 wrote to memory of 4276	956	chrome.exe	96
PID 956 wrote to memory of 4276	956	chrome.exe	96
PID 956 wrote to memory of 4276	956	chrome.exe	96

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://pabaxitutidose.weebly.com/uploads/1/4/2/7/142777778/dekilelanajubab.pdf
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff997dd9758,0x7ff997dd9768,0x7ff997dd9778
  2⤵
  PID:828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1888,i,10947129603920308181,16414056962358804375,131072 /prefetch:2
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1888,i,10947129603920308181,16414056962358804375,131072 /prefetch:8
  2⤵
  PID:3524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1888,i,10947129603920308181,16414056962358804375,131072 /prefetch:8
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1888,i,10947129603920308181,16414056962358804375,131072 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3020 --field-trial-handle=1888,i,10947129603920308181,16414056962358804375,131072 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4820 --field-trial-handle=1888,i,10947129603920308181,16414056962358804375,131072 /prefetch:1
  2⤵
  PID:908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --pdf-renderer --lang=en-US --js-flags=--jitless --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4968 --field-trial-handle=1888,i,10947129603920308181,16414056962358804375,131072 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 --field-trial-handle=1888,i,10947129603920308181,16414056962358804375,131072 /prefetch:8
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3712 --field-trial-handle=1888,i,10947129603920308181,16414056962358804375,131072 /prefetch:8
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5648 --field-trial-handle=1888,i,10947129603920308181,16414056962358804375,131072 /prefetch:1
  2⤵
  PID:4776

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ef777fd825dc7355ec6b7584b07872e5

SHA1
46212a86a6a2845d4f1c1f245c45ee8006110d0f

SHA256
bdb02002e2420ae0db5689d0d87814afaeb976da07323ab2625efbd32743645e

SHA512
64f2523594f64d41762296b8447fd6a91eb2e534c905070ab74b0cafcbd08527b7a2125e1d87e49f16ce32676606657f22d9e70c9c788e72d66bf8fa046c9eb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d4a933f34f85db3a1375417da2ce72ec

SHA1
f1b4fbb07c50378fa5d3862a7c1d080414e62d57

SHA256
c7b3e4493e83646d0a92d779be8688955f98323777df16d4ddd88da660f42e98

SHA512
fedeecb35b8f38cf7b285b61de1f5ce4bd06e2878cfb8b2fdab05cf4b48a1c53f7b9d64b8eadc6827f3f810ac51c5b0312bd333f1ceaa972985c529a2723e869

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
dd49c174ab14aca2a73ad0488d3eb08b

SHA1
00c15878613f9e5eec85d4f0834ca97b0a46499d

SHA256
78035584a4924392692ea1cc6a56a4dce06628f0d5902b8010a5e1d855821566

SHA512
47bfefd2a75c95a7ac5517c8382c898f5b8d08fcb6c86f6915c658b9e4491b12b6ccd9a2f1cdb6d681f0a3fa9fd788d5ca9484a948aa9fd287209aa03ab231ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit